wg: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
604b5a9fa7
commit
10487e7215
2 changed files with 25 additions and 4 deletions
26
src/config.c
26
src/config.c
|
@ -174,11 +174,29 @@ static inline bool parse_ip(struct wgallowedip *allowedip, const char *value)
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline int parse_dns_retries(void)
|
||||||
|
{
|
||||||
|
unsigned long ret;
|
||||||
|
char *retries = getenv("WG_ENDPOINT_RESOLUTION_RETRIES"), *end;
|
||||||
|
|
||||||
|
if (!retries)
|
||||||
|
return 15;
|
||||||
|
if (!strcmp(retries, "infinity"))
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
ret = strtoul(retries, &end, 10);
|
||||||
|
if (*end || ret > INT_MAX) {
|
||||||
|
fprintf(stderr, "Unable to parse WG_ENDPOINT_RESOLUTION_RETRIES: `%s'\n", retries);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
return (int)ret;
|
||||||
|
}
|
||||||
|
|
||||||
static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value)
|
static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value)
|
||||||
{
|
{
|
||||||
char *mutable = strdup(value);
|
char *mutable = strdup(value);
|
||||||
char *begin, *end;
|
char *begin, *end;
|
||||||
int ret;
|
int ret, retries = parse_dns_retries();
|
||||||
struct addrinfo *resolved;
|
struct addrinfo *resolved;
|
||||||
struct addrinfo hints = {
|
struct addrinfo hints = {
|
||||||
.ai_family = AF_UNSPEC,
|
.ai_family = AF_UNSPEC,
|
||||||
|
@ -219,11 +237,11 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value)
|
||||||
*end++ = '\0';
|
*end++ = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
for (unsigned int timeout = 1000000;;) {
|
#define min(a, b) ((a) < (b) ? (a) : (b))
|
||||||
|
for (unsigned int timeout = 1000000;; timeout = min(20000000, timeout * 6 / 5)) {
|
||||||
ret = getaddrinfo(begin, end, &hints, &resolved);
|
ret = getaddrinfo(begin, end, &hints, &resolved);
|
||||||
if (!ret)
|
if (!ret)
|
||||||
break;
|
break;
|
||||||
timeout = timeout * 3 / 2;
|
|
||||||
/* The set of return codes that are "permanent failures". All other possibilities are potentially transient.
|
/* The set of return codes that are "permanent failures". All other possibilities are potentially transient.
|
||||||
*
|
*
|
||||||
* This is according to https://sourceware.org/glibc/wiki/NameResolver which states:
|
* This is according to https://sourceware.org/glibc/wiki/NameResolver which states:
|
||||||
|
@ -238,7 +256,7 @@ static inline bool parse_endpoint(struct sockaddr *endpoint, const char *value)
|
||||||
#ifdef EAI_NODATA
|
#ifdef EAI_NODATA
|
||||||
ret == EAI_NODATA ||
|
ret == EAI_NODATA ||
|
||||||
#endif
|
#endif
|
||||||
timeout >= 90000000) {
|
(retries >= 0 && !retries--)) {
|
||||||
free(mutable);
|
free(mutable);
|
||||||
fprintf(stderr, "%s: `%s'\n", ret == EAI_SYSTEM ? strerror(errno) : gai_strerror(ret), value);
|
fprintf(stderr, "%s: `%s'\n", ret == EAI_SYSTEM ? strerror(errno) : gai_strerror(ret), value);
|
||||||
return false;
|
return false;
|
||||||
|
|
|
@ -211,6 +211,9 @@ If set to \fIalways\fP, always print ANSI colorized output. If set to \fInever\f
|
||||||
.TP
|
.TP
|
||||||
.I WG_HIDE_KEYS
|
.I WG_HIDE_KEYS
|
||||||
If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and preshared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and preshared keys will be printed as "(hidden)".
|
If set to \fInever\fP, then the pretty-printing \fBshow\fP sub-command will show private and preshared keys in the output. If set to \fIalways\fP, something invalid, or unset, then private and preshared keys will be printed as "(hidden)".
|
||||||
|
.TP
|
||||||
|
.I WG_ENDPOINT_RESOLUTION_RETRIES
|
||||||
|
If set to an integer or to \fIinfinity\fP, DNS resolution for each peer's endpoint will be retried that many times for non-permanent errors, with an increasing delay between retries. If unset, the default is 15 retries.
|
||||||
|
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
.BR ip (8),
|
.BR ip (8),
|
||||||
|
|
Loading…
Reference in a new issue